CVE-2019-11785 - Missing Authorization vulnerability in Odoo

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, odoo, CWE-862

Summary

Improper access control in the mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows remote authenticated users to obtain access to messages posted on business records they were not given access to, and to subscribe to receive future messages.

Vulnerable Configurations

Part         Description  Count
Application  Odoo         12

Common Weakness Enumeration (CWE)